Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / SecAssessment.cpp
index f6aee169badbac8f85966d537258f944dedf6c8c..1db113117d57501dbd4c5d0906d34901a4b0c83d 100644 (file)
 #include "policyengine.h"
 #include "xpcengine.h"
 #include "csutilities.h"
 #include "policyengine.h"
 #include "xpcengine.h"
 #include "csutilities.h"
+#include "xar++.h"
 #include <CoreFoundation/CFRuntime.h>
 #include <CoreFoundation/CFBundlePriv.h>
 #include <security_utilities/globalizer.h>
 #include <security_utilities/unix++.h>
 #include <security_utilities/cfmunge.h>
 #include <notify.h>
 #include <CoreFoundation/CFRuntime.h>
 #include <CoreFoundation/CFBundlePriv.h>
 #include <security_utilities/globalizer.h>
 #include <security_utilities/unix++.h>
 #include <security_utilities/cfmunge.h>
 #include <notify.h>
-#include <esp.h>
 
 using namespace CodeSigning;
 
 
 using namespace CodeSigning;
 
-
-static void esp_do_check(const char *op, CFDictionaryRef dict)
-{
-       OSStatus result = __esp_check_ns(op, (void *)(CFDictionaryRef)dict);
-       if (result != noErr)
-               MacOSError::throwMe(result);
-}
-
 //
 // CF Objects
 //
 //
 // CF Objects
 //
@@ -167,11 +159,6 @@ SecAssessmentRef SecAssessmentCreate(CFURLRef path,
        SYSPOLICY_ASSESS_API(cfString(path).c_str(), int(type), flags);
 
        try {
        SYSPOLICY_ASSESS_API(cfString(path).c_str(), int(type), flags);
 
        try {
-               if (__esp_enabled() && (flags & kSecAssessmentFlagDirect)) {
-                       CFTemp<CFDictionaryRef> dict("{path=%O, flags=%d, context=%O, override=%d}", path, flags, context, overrideAssessment());
-                       esp_do_check("cs-assessment-evaluate", dict);
-               }
-
                if (flags & kSecAssessmentFlagDirect) {
                        // ask the engine right here to do its thing
                        SYSPOLICY_ASSESS_LOCAL();
                if (flags & kSecAssessmentFlagDirect) {
                        // ask the engine right here to do its thing
                        SYSPOLICY_ASSESS_LOCAL();
@@ -199,11 +186,6 @@ SecAssessmentRef SecAssessmentCreate(CFURLRef path,
                cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict);
        }
 
                cfadd(result, "{%O=#F}", kSecAssessmentAssessmentVerdict);
        }
 
-       if (__esp_enabled() && (flags & kSecAssessmentFlagDirect)) {
-               CFTemp<CFDictionaryRef> dict("{path=%O, flags=%d, context=%O, override=%d, result=%O}", path, flags, context, overrideAssessment(), (CFDictionaryRef)result);
-               __esp_notify_ns("cs-assessment-evaluate", (void *)(CFDictionaryRef)dict);
-       }
-
        return new SecAssessment(path, type, result.yield());
 
        END_CSAPI_ERRORS1(NULL)
        return new SecAssessment(path, type, result.yield());
 
        END_CSAPI_ERRORS1(NULL)
@@ -442,13 +424,6 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
        }
 
        if (flags & kSecAssessmentFlagDirect) {
        }
 
        if (flags & kSecAssessmentFlagDirect) {
-               if (__esp_enabled()) {
-                       CFTemp<CFDictionaryRef> dict("{target=%O, flags=%d, context=%O}", target, flags, context);
-                       OSStatus esp_result = __esp_check_ns("cs-assessment-update", (void *)(CFDictionaryRef)dict);
-                       if (esp_result != noErr)
-                               return NULL;
-               }
-
                // ask the engine right here to do its thing
                result = gEngine().update(target, flags, ctx);
        } else {
                // ask the engine right here to do its thing
                result = gEngine().update(target, flags, ctx);
        } else {
@@ -456,23 +431,18 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target,
                result = xpcEngineUpdate(target, flags, ctx);
        }
 
                result = xpcEngineUpdate(target, flags, ctx);
        }
 
-       if (__esp_enabled() && (flags & kSecAssessmentFlagDirect)) {
-               CFTemp<CFDictionaryRef> dict("{target=%O, flags=%d, context=%O, outcome=%O}", target, flags, context, (CFDictionaryRef)result);
-               __esp_notify_ns("cs-assessment-update", (void *)(CFDictionaryRef)dict);
-       }
-
        traceUpdate(target, context, result);
        return result.yield();
 
        END_CSAPI_ERRORS1(NULL)
 }
 
        traceUpdate(target, context, result);
        return result.yield();
 
        END_CSAPI_ERRORS1(NULL)
 }
 
-static void
+static Boolean
 updateAuthority(const char *authority, bool enable, CFErrorRef *errors)
 {
        CFStringRef updateValue = enable ? kSecAssessmentUpdateOperationEnable : kSecAssessmentUpdateOperationDisable;
        CFTemp<CFDictionaryRef> ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, authority, kSecAssessmentContextKeyUpdate, updateValue);
 updateAuthority(const char *authority, bool enable, CFErrorRef *errors)
 {
        CFStringRef updateValue = enable ? kSecAssessmentUpdateOperationEnable : kSecAssessmentUpdateOperationDisable;
        CFTemp<CFDictionaryRef> ctx("{%O=%s, %O=%O}", kSecAssessmentUpdateKeyLabel, authority, kSecAssessmentContextKeyUpdate, updateValue);
-       SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
+       return SecAssessmentUpdate(NULL, kSecCSDefaultFlags, ctx, errors);
 }
 
 
 }
 
 
@@ -484,9 +454,6 @@ Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *e
 {
        BEGIN_CSAPI
        
 {
        BEGIN_CSAPI
        
-       CFTemp<CFDictionaryRef> dict("{control=%O}", control);
-       esp_do_check("cs-assessment-control", dict);
-
        if (CFEqual(control, CFSTR("ui-enable"))) {
                setAssessment(true);
                MessageTrace trace("com.apple.security.assessment.state", "enable");
        if (CFEqual(control, CFSTR("ui-enable"))) {
                setAssessment(true);
                MessageTrace trace("com.apple.security.assessment.state", "enable");
@@ -527,11 +494,13 @@ Boolean SecAssessmentControl(CFStringRef control, void *arguments, CFErrorRef *e
                return true;
        } else if (CFEqual(control, CFSTR("ui-enable-notarized"))) {
                updateAuthority("Notarized Developer ID", true, errors);
                return true;
        } else if (CFEqual(control, CFSTR("ui-enable-notarized"))) {
                updateAuthority("Notarized Developer ID", true, errors);
+               updateAuthority("Unnotarized Developer ID", true, errors);
                MessageTrace trace("com.apple.security.assessment.state", "enable-notarized");
                trace.send("enable Notarized Developer ID approval");
                return true;
        } else if (CFEqual(control, CFSTR("ui-disable-notarized"))) {
                updateAuthority("Notarized Developer ID", false, errors);
                MessageTrace trace("com.apple.security.assessment.state", "enable-notarized");
                trace.send("enable Notarized Developer ID approval");
                return true;
        } else if (CFEqual(control, CFSTR("ui-disable-notarized"))) {
                updateAuthority("Notarized Developer ID", false, errors);
+               updateAuthority("Unnotarized Developer ID", false, errors);
                MessageTrace trace("com.apple.security.assessment.state", "disable-notarized");
                trace.send("disable Notarized Developer ID approval");
                return true;
                MessageTrace trace("com.apple.security.assessment.state", "disable-notarized");
                trace.send("disable Notarized Developer ID approval");
                return true;
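Review bot: Both `updateAuthority(...)` calls in the `ui-enable-notarized` and `ui-disable-notarized` branches discard the `Boolean` that this commit makes `updateAuthority` return (see the earlier hunk), and each branch still ends in an unconditional `return true`. If either update fails, the caller is told the authority change succeeded while one or both rules are unchanged, leaving the assessment policy half-applied. The second call also reuses the same `errors` out-parameter and may overwrite a `CFErrorRef` stored by the first; `SecAssessmentUpdate` is not visible here, so that needs confirming. Consider `if (!updateAuthority("Notarized Developer ID", true, errors) || !updateAuthority("Unnotarized Developer ID", true, errors)) return false;` ahead of the trace, and the same with `false` in the disable branch. The body of `SecAssessmentControl` begins and ends outside this hunk.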
@@ -583,6 +552,23 @@ Boolean SecAssessmentTicketRegister(CFDataRef ticketData, CFErrorRef *errors)
        END_CSAPI_ERRORS1(false)
 }
 
        END_CSAPI_ERRORS1(false)
 }
 
+Boolean SecAssessmentRegisterPackageTicket(CFURLRef packageURL, CFErrorRef* errors)
+{
+       BEGIN_CSAPI
+       
+       string path = cfString(packageURL);
+       Xar xar(path.c_str());
+       
+       if (!xar) {
+               MacOSError::throwMe(errSecParam);
+       }
+       
+       xar.registerStapledNotarization();
+       return true;
+       
+       END_CSAPI_ERRORS1(false)
+}
+
 Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType, SecAssessmentTicketFlags flags, double *date, CFErrorRef *errors)
 {
        BEGIN_CSAPI
 Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType, SecAssessmentTicketFlags flags, double *date, CFErrorRef *errors)
 {
        BEGIN_CSAPI
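Review bot: `SecAssessmentRegisterPackageTicket` returns `true` whenever `xar.registerStapledNotarization()` does not throw, so a caller cannot tell a registered ticket from a package that carries no stapled ticket. The method is called as a statement and its definition in `xar++.h` is not shown, so this is inferred. A comment above the function should say so, for example `// true means the package was opened and any stapled ticket was handed to the ticket store; it is not a notarization verdict, callers must still run an assessment.` Separately, `packageURL` goes straight into `cfString` without a NULL check, and every failure to open the archive is reported as `errSecParam`, which hides the difference between an unreadable file and a file that is not a xar.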
@@ -593,3 +579,13 @@ Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType,
        END_CSAPI_ERRORS1(false)
 }
 
        END_CSAPI_ERRORS1(false)
 }
 
+Boolean SecAssessmentLegacyCheck(CFDataRef hash, SecCSDigestAlgorithm hashType, CFStringRef teamID, CFErrorRef *errors)
+{
+       BEGIN_CSAPI
+
+       xpcEngineLegacyCheck(hash, hashType, teamID);
+       return true;
+
+       END_CSAPI_ERRORS1(false)
+}
+
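Review bot: `SecAssessmentLegacyCheck` has no comment saying what `true` means. The outcome of `xpcEngineLegacyCheck` reaches the caller only as an exception converted by `END_CSAPI_ERRORS1(false)`, so `true` presumably means "the check did not fail" rather than a positive verdict. I would add a comment above the function such as `// Returns false and fills *errors when the legacy check rejects the hash/team ID or the XPC call fails; true otherwise.`, to be confirmed against `xpcEngineLegacyCheck`, which is not in this diff. `hash` and `teamID` are forwarded without NULL checks, so the comment should also state whether a NULL `teamID` is accepted.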